Documentation

How it works

Every pull request gets its own live environment — provisioned automatically, torn down when the PR closes.

Architecture

What happens when you open a PR

devexfoo — event flow
GitHub App webhook  (PR opened / synchronize / closed)
  → POST /webhooks   (HMAC-verified)
  → job enqueued

deploy-preview worker:
  1. Open GitHub Check Run  (status: in_progress)
  2. Build Docker image  →  push :pr-{N} to registry
  3. Provision environment
       isolated namespace
       Deployment + Service + Ingress
  4. Update Check Run  (success / failure)
  5. Post PR comment:
       Preview: https://pr-{N}-api.devexfoo.com

destroy-preview worker  (PR closed / merged):
  1. Destroy environment
  2. Delete namespace  (safety net)
  3. PR comment: Environment destroyed

Step by step

From install to first preview

01

Install the GitHub App

Visit app.devexfoo.com and click "Connect GitHub". The GitHub App manifest flow handles everything — no manual credential setup needed. Your credentials are stored securely in your cloud vault.

02

Open a pull request

As soon as you push a branch and open a PR, the GitHub App delivers a webhook to devexfoo. The platform verifies the HMAC signature and enqueues a deploy job.

03

Image build kicks off

Your Docker image is built and tagged :pr-{N}, then pushed to your container registry. The build runs in the cloud — no local Docker required.

04

Environment provisioned

A fresh isolated namespace is provisioned with a Deployment, Service, and Ingress. The wildcard DNS record routes traffic automatically — no DNS changes needed per PR.

05

Preview URL in your PR

A GitHub Check Run turns green and a comment is posted to your PR with the live preview URL. Every new push re-runs the pipeline and updates the same comment.

06

Auto-teardown on close

When the PR is merged or closed, the destroy worker tears down the environment completely. No orphaned resources. No manual cleanup.

FAQ

Common questions

Which cloud providers are supported?

AWS, Azure, and GCP. devexfoo provisions resources in your own cloud account — you connect your credentials once during setup.

Do I need to manage Kubernetes myself?

No. devexfoo manages the cluster lifecycle for you. You push code and get a URL — the rest is handled automatically.

What happens to the infra cost?

Infrastructure costs go directly to your cloud account. devexfoo is just the platform layer — you own the data and control the spend.

How is tenant isolation enforced?

Each customer project runs in its own isolated namespace. Network policies and RBAC ensure one tenant cannot access another's resources.

Can I use a custom domain for previews?

Yes, on Starter and above. A wildcard DNS record covers all preview environments — no DNS change needed per PR.